So I have a setup where I have a 4-port VyOS router, and two of the ports will connect to cable internet, one residential and one business.
I will also have two WireGuard connections to the same provider, with each serving up a /29. Each of the WG interfaces will go into its own VRF and have a vif assigned for further deployment down into the network while keeping separation.
My question is, with the two WireGuard peers using the same peer IP, is there a way to direct them to my different internet connections? Along with that, do the connections to the WireGuard peer always use the “default” VRF, or is there a way to use a different one? Or does the WireGuard interface use the VRF it is assigned to to find the default outbound route?
Still trying to wrap my head around WireGuard and the way connectivity works out to the peer.
Here is my wg interface currently, and the only default route on the box is in the default VRF connected to eth0.
ethernet eth0 {
    address 10.1.10.2/24
    description "Comcast Business Modem"
    hw-id 00:0d:b9:55:da:54
}
wireguard wg02 {
    address 100.64.101.6/30
    description "Freerange 123.152.224.112/29"
    peer to-freerange2 {
        address 23.152.224.18
        allowed-ips 0.0.0.0/0
        port 41195
        pubkey
    }
    vrf freerange2
}
vrf {
    name freerange2 {
        description "FreeRange 23.152.224.112/29"
        table 102
    }
}
run show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
S>* 0.0.0.0/0 [1/0] via 10.1.10.1, eth0, 00:31:10
C>* 10.1.10.0/24 is directly connected, eth0, 00:31:19
C>* 192.168.1.0/24 is directly connected, eth2.100, 00:29:28
run show ip route table 102
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
VRF default table 102:
S>* 0.0.0.0/0 [1/0] via 100.64.101.5, wg02, 00:23:19
K 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:32:04
C>* 23.152.224.112/29 is directly connected, eth2.1002, 00:26:35
C>* 100.64.101.4/30 is directly connected, wg02, 00:31:50
vyos@vyos# run show ip route vrf freerange2
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
VRF freerange2:
S>* 0.0.0.0/0 [1/0] via 100.64.101.5, wg02, 00:23:30
K 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:32:15
C>* 23.152.224.112/29 is directly connected, eth2.1002, 00:26:46
C>* 100.64.101.4/30 is directly connected, wg02, 00:32:01